Privacy Protection Against Automated Tracking System Using Adversarial Patch

Advances in machine learning technologies, such as convolutional neural networks, have helped identify individuals using face recognition and identification techniques. A system can be constructed to detect the presence of specific features in an object. However, if the technologies are abused, individuals can be tracked automatically and their privacy would be violated. Therefore, it is necessary to develop a technique for avoiding automated human tracking systems that use facial identification. Conventional methods study adversarial noise to avoid recognition and face identification. However, they do not investigate the geometrical changes in the patch area. Here, we compared the performance of a non-transparent patch with that of a transparent patch and proposed a method for improving robustness against changes in position. Our experiments demonstrated that the non-transparent patch does not significantly affect the success rate of a face-identification system. The proposed method improves robustness against changes in the patch position.